Lucene search
K

2887 matches found

NVD
NVD
added 2014/04/25 5:12 a.m.19 views

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References2
Prion
Prion
added 2014/04/25 5:12 a.m.15 views

Design/Logic Flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via...

9.3CVSS8.4AI score0.0315EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/25 1:0 a.m.25 views

CVE-2014-0769 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to 1 modify the configuration via a request to the debug service on port 4000 o...

9.3CVSS6.9AI score0.02054EPSS
Exploits0References1
CVE
CVE
added 2014/04/25 1:0 a.m.61 views

CVE-2014-0760

CVE-2014-0760 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is an undocumented FTP access path that allows remote attackers to execute arbitrary code or trigger a denial of service via unspecified vectors. Public exploitation is noted in ICS-CERT advisories; mu...

9.3CVSS7.8AI score0.0315EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2014/04/25 1:0 a.m.72 views

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

9.3CVSS7.2AI score0.02054EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2014/04/25 12:0 a.m.5 views

PT-2014-3822 · 3S Smart Software Solutions +1 · Codesys +2

Name of the Vulnerable Software and Affected Versions: Festo CECX-X-C1 Modular Master Controller with CoDeSys version affected versions not specified Festo CECX-X-M1 Modular Controller with CoDeSys version affected versions not specified Description: The issue involves an undocumented access meth...

9.3CVSS7.8AI score0.0315EPSS
Exploits0References4
0day.today
0day.today
added 2014/03/19 12:0 a.m.55 views

Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities

vAPV: Virtual Application Delivery Controllers for Cloud and Virtualized Environments Powered by Array's award-winning 64-bit SpeedCoretm architecture, vAPV virtual application delivery controllers extend Array's proven price-performance and rich feature set to public and private clouds and...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/02/01 12:0 a.m.77 views

[USN-2092-1] QEMU vulnerabilities

========================================================================== Ubuntu Security Notice USN-2092-1 January 30, 2014 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

6CVSS0.1AI score0.00585EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/01/31 12:0 a.m.35 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : qemu, qemu-kvm vulnerabilities (USN-2092-1)

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

7.2CVSS7.3AI score0.00585EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2014/01/30 8:28 p.m.52 views

USN-2092-1: QEMU vulnerabilities

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

7.2CVSS7.3AI score0.00585EPSS
Exploits0
RubySec
RubySec
added 2013/12/24 12:0 a.m.14 views

Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive informations

Fat Free CRM contains a flaw in user controllers that is triggered as JSON requests are rendered with a full JSON object. This may allow a remote attacker to gain access to potentially sensitive information e.g. other users password hashes...

5CVSS4.3AI score0.02525EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/12/12 12:0 a.m.35 views

Samba 3.x < 3.6.22 / 4.0.x < 4.0.13 / 4.1.x < 4.1.3 Multiple Vulnerabilities

According to its banner, the version of Samba running on the remote host is 3.3.x equal or later than 3.3.10, 3.4.x, 3.5.x, 3.6.x prior to 3.6.22, 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.3. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability...

8.3CVSS8.2AI score0.0379EPSS
Exploits1References6
NVD
NVD
added 2013/12/10 6:14 a.m.23 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS8AI score0.02748EPSS
Exploits0References18
Cvelist
Cvelist
added 2013/12/10 2:0 a.m.24 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

7.9AI score0.02748EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2013/12/10 2:0 a.m.27 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS7.7AI score0.02748EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/12/09 12:0 a.m.28 views

CVE-2013-4408

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

8.3CVSS7.6AI score0.02748EPSS
Exploits0References3
NVD
NVD
added 2013/12/07 12:55 a.m.20 views

CVE-2013-6920

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port 1 21 or 2 23...

10CVSS7.2AI score0.03235EPSS
Exploits0References3
Prion
Prion
added 2013/12/07 12:55 a.m.14 views

Authentication flaw

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port 1 21 or 2 23...

10CVSS7.6AI score0.03235EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/12/07 12:0 a.m.61 views

CVE-2013-6920

CVE-2013-6920 affects Siemens SINAMICS S/G controllers with firmware prior to 4.6.11. The vulnerability is an authentication bypass for FTP (port 21) and Telnet (port 23) sessions, enabling remote attackers to perform administrative actions without authentication. The issue arises from services t...

10CVSS7.4AI score0.03235EPSS
Exploits0References3Affected Software14
Cvelist
Cvelist
added 2013/12/07 12:0 a.m.23 views

CVE-2013-6920

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port 1 21 or 2 23...

7.2AI score0.03235EPSS
Exploits0References3
Rows per page
Query Builder